好的,我现在需要帮用户总结一篇关于WordPress插件WPvivid Backup & Migration漏洞的文章,控制在100字以内。首先,我得仔细阅读文章内容,抓住关键点。 文章提到这是一个关键漏洞,影响超过90万网站,允许无认证上传任意文件,导致远程代码执行。漏洞编号是CVE-2026-1357,严重性评分9.8。影响所有版本到0.9.123。只有启用“接收来自其他站点的备份”选项的站点才会受影响。 攻击者有24小时的利用窗口,因为密钥的有效期是24小时。虽然这限制了暴露范围,但管理员很可能启用此功能进行迁移或备份。 漏洞原因在于RSA解密错误处理不当和文件名未正确清理。修复版本是0.9.124,增加了检查、文件名清理和限制上传类型。 总结时要包含:插件名称、漏洞影响、CVSS评分、受影响版本、攻击条件、攻击时间窗口、漏洞原因和修复建议。 现在把这些信息浓缩到100字以内,确保不遗漏重要点。 </think> WordPress插件WPvivid Backup & Migration存在严重漏洞(CVE-2026-1357),影响超90万网站。该漏洞可被利用上传任意文件并执行远程代码,CVSS评分为9.8。仅启用“接收备份”功能的站点受影响。修复版本已发布(0.9.124),建议用户立即升级以防范风险。 2026-2-12 17:15:16 Author: www.bleepingcomputer.com(查看原文) 阅读量:2 收藏
A critical vulnerability in the WPvivid Backup & Migration plugin for WordPress, installed on more than 900,000 websites, can be exploited to achieve remote code execution by uploading arbitrary files without authentication.
The security issue is tracked as CVE-2026-1357 and received a severity score of 9.8. It impacts all versions of the plugin up to 0.9.123 and could lead to a complete website takeover.
Despite the severity of the issue, researchers at WordPress security company Defiant say that only sites with the non-default “receive backup from another site” option enabled are critically impacted.
Furthermore, attackers have a 24-hour exploitation window, which is the validity of the generated key required by other sites to send backup files.
This requirement limits realistic exposure; however, the plugin is commonly used for site migrations and backup transfers between hosts, so website administrators are very likely to enable this feature at some point, at least temporarily.
Researcher Lucas Montes (NiRoX) reported the vulnerability to Defiant on January 12. The root cause is the improper error handling in RSA decryption, combined with a lack of path sanitization.
Specifically, when the ‘openssl_private_decrypt()’ function fails, the plugin does not halt execution and instead passes the failed result (false) to the AES (Rijndael) routine.
The cryptographic library treats this as a string of null bytes, creating a predictable encryption key that an attacker can use to craft malicious payloads that the plugin would accept.
Additionally, the plugin failed to properly sanitize uploaded file names, allowing directory traversal. This allows writing files outside the intended backup directory and uploading malicious PHP files for remote code execution.
Defiant notified the vendor, WPVividPlugins, on January 22, following validation of the provided proof-of-concept exploit. A security update addressing CVE-2026-1357 was released in version 0.9.124 on January 28.
The fix includes adding a check to stop execution if RSA decryption fails, adding filename sanitization, and restricting uploads to allowed backup file types only, such as ZIP, GZ, TAR, and SQL.
Users of the WPvivid Backup & Migration WordPress plugin should be aware of the risks associated with the vulnerability and upgrade to version 0.9.124 as soon as possible.
The future of IT infrastructure is here
Modern IT infrastructure moves faster than manual workflows can handle.
In this new Tines guide, learn how your team can reduce hidden manual delays, improve reliability through automated response, and build and scale intelligent workflows on top of tools you already use.
如有侵权请联系:admin#unsafe.sh